US8433914B1ActiveUtility

Multi-channel transaction signing

93
Assignee: PHILPOTT ROBERT SPriority: Feb 25, 2010Filed: Jun 22, 2010Granted: Apr 30, 2013
Est. expiryFeb 25, 2030(~3.6 yrs left)· nominal 20-yr term from priority
H04L 9/3215H04L 9/3247
93
PatentIndex Score
34
Cited by
16
References
18
Claims

Abstract

A transaction system combats malware and phishing-based MitM attacks on transaction processing systems by using digital signatures to integrity-protect the user-verified transaction data. With this system, a user submits a transaction from a client device (e.g., desktop web browser) over a communications channel to a server device, such as a transaction server. Before accepting the transaction, the transaction server securely delivers all relevant transaction data to a second device (e.g., the signing device), such as a smart phone, in the possession of the user. The signing device has its own distinct communication channel with the server device. The user verifies the data and the signing device creates a digital signature value for the transaction. The user submits the signature to the transaction server to confirm the transaction with the transaction server.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method performed in a first client-side device, the method comprising:
 receiving transaction data, at the first client-side device, over a first communication channel from a remote server, in response to a user submitting a transaction request to the remote server via a second client-side device, the second client-side device being distinct from the first client-side device, over a second communication channel, the second communication channel being distinct from the first communication channel; 
 displaying the received transaction data in a format visible to the user; 
 receiving, at the first client-side device, confirmation from the user that the displayed transaction data is correct; 
 receiving, at the first client-side device, additional transaction data from the user, the additional transaction data including information concerning the transaction request not included within the received transaction data; 
 in response to receiving the confirmation from the user, calculating, at the first client-side device, a cryptographic signature based on the received transaction data and a cryptographic key; and 
 delivering the cryptographic signature to another entity for authentication, wherein delivering includes:
 sending the calculated cryptographic signature from the first client-side device to the remote server over the first communication channel; 
 wherein calculating includes calculating the cryptographic signature based on the received transaction data, the additional transaction data, and the cryptographic key. 
 
 
     
     
       2. A method as in  claim 1  wherein receiving the transaction data includes:
 receiving, at the first client-side device, an encrypted signal over the first communication channel; and 
 decrypting, at the first client-side device, the encrypted signal to recover the transaction data. 
 
     
     
       3. A method as in  claim 1  wherein:
 the first client-side device is an Internet-enabled cellular telephone; 
 the first communication channel includes a cellular network connection; and 
 receiving the transaction data includes:
 receiving a message over the cellular network connection according to a cellular protocol for short messages, the message including a link to an Internet site; and 
 downloading the transaction data from the Internet site using the link. 
 
 
     
     
       4. A method as in  claim 1  wherein receiving the transaction data includes downloading the transaction data from an Internet site using a preconfigured link. 
     
     
       5. A method as in  claim 1  wherein:
 the received transaction data includes a plurality of data values; 
 displaying the received transaction data in a format visible to the user includes marking as suspect all data values of the plurality of data values that have not previously been authorized by the user; and 
 receiving confirmation from the user that the displayed transaction data is correct includes receiving a separate user override command for every data value of the plurality of data values that has been marked as suspect. 
 
     
     
       6. A method as in  claim 5  wherein marking as suspect all data values of the plurality of data values that have not previously been authorized by the user includes:
 receiving, from the remote server, a set of risk scores, calculated with a risk-based decision engine, the set of risk scores corresponding to the plurality of data values; and 
 identifying data values as suspect based on their respective risk scores. 
 
     
     
       7. A method as in  claim 1  wherein:
 the received transaction data includes a plurality of data values; 
 the first client-side device is pre-configured with a particular data value; and 
 calculating includes calculating the cryptographic signature based on the received transaction data, the pre-configured particular data value, and the cryptographic key. 
 
     
     
       8. A method as in  claim 1  wherein the transaction data includes a unique data value that serves to identify the transaction, the unique data value being unrelated to a transaction associated with the transaction data. 
     
     
       9. A method as in  claim 1  wherein:
 the method further includes calculating a unique counter value; 
 calculating the cryptographic signature includes calculating the cryptographic signature based on the received transaction data, the unique counter value, and the cryptographic key. 
 
     
     
       10. An apparatus comprising:
 memory, the memory storing a cryptographic key; 
 a network interface for communicating with a remote server over a first communication channel; 
 a display device; 
 a user interface; and 
 a controller, the controller configured to:
 receive transaction data via the network interface from the remote server over the first communication channel, in response to a user submitting a transaction request to the remote server via a client-side device, the client-side device being distinct from the apparatus, over a second communication channel, the second communication channel being distinct from the first communication channel; 
 cause the display device to display the received transaction data in a format visible to the user; 
 receive, via the user interface, confirmation from the user that the displayed transaction data is correct; 
 receive, via the user interface, additional transaction data from the user, the additional transaction data including information concerning the transaction request not included within the received transaction data; 
 in response to receiving the confirmation from the user, calculate a cryptographic signature based on the received transaction data and the cryptographic key stored in memory; and 
 deliver the cryptographic signature to another entity for authentication, wherein, while delivering the cryptographic signature to the other entity for authentication, the controller is configured to:
 send the calculated cryptographic signature to the remote server over the first communication channel via the network interface; 
 
 wherein calculating includes calculating the cryptographic signature based on the received transaction data, the additional transaction data, and the cryptographic key. 
 
 
     
     
       11. An apparatus as in  claim 10  wherein the controller, when receiving the transaction data via the network interface, is configured to:
 receive, via the network interface, an encrypted signal over the first communication channel; and 
 decrypt the encrypted signal to generate the transaction data. 
 
     
     
       12. An apparatus as in  claim 10  wherein:
 the apparatus is an Internet-enabled cellular telephone; 
 the first communication channel includes a cellular network connection; and 
 the controller, when receiving the transaction data via the network interface, is configured to:
 receive a message over the cellular network connection according to a cellular protocol for short messages, the message including a link to an Internet site; and 
 download the transaction data from the Internet site using the link. 
 
 
     
     
       13. An apparatus as in  claim 10  wherein:
 the received transaction data includes a plurality of data values; 
 the controller, when causing the display device to display the received transaction data in a format visible to the user, is configured to mark as suspect all data values of the plurality of data values that have not previously been authorized by the user; and 
 the controller, when receiving confirmation from the user that the displayed transaction data is correct, is configured to receive a separate user override command for every data value of the plurality of data values that has been marked as suspect. 
 
     
     
       14. In a transaction server, a method for authenticating a transaction, the method comprising:
 receiving, by the transaction server on a first communication channel, a transaction request from a client device; 
 transmitting, by the transaction server on a second communication channel, a signature request to a signing device, the second communication channel being distinct from the first communication channel and the signing device being distinct from the client device; 
 receiving, by the transaction server, a cryptographic signature generated by the signing device based on (a) transaction data provided by the transaction server as part of the signature request, (b) additional transaction data from the user, and (c) a cryptographic key provided to the signing device by the transaction server; 
 calculating, by the transaction server, an expected cryptographic signature based on original transaction data included in the transaction request from the client device and the cryptographic key; and 
 authenticating the transaction if and only if the received cryptographic signature matches the expected cryptographic signature. 
 
     
     
       15. A method as in  claim 1  wherein the cryptographic key is provided to the first client-side device by the remote server. 
     
     
       16. A method as in  claim 1  wherein receiving the transaction data over the first communication channel from the remote server includes receiving, at the first client-side device, the transaction data within a signature request transmitted from the remote server to the first client-side device over the first communication channel, the signature request further including a request for the first client-side device to provide the cryptographic signature in response to confirming that the transaction data is correct. 
     
     
       17. An apparatus as in  claim 10  wherein the cryptographic key stored in memory is provided to the apparatus by the remote server. 
     
     
       18. An apparatus as in  claim 10  wherein the controller, when receiving the transaction data from the remote server over the first communication channel, is configured to receive the transaction data within a signature request transmitted from the remote server to the apparatus over the first communication channel, the signature request further including a request for the apparatus to provide the cryptographic signature in response to confirming that the transaction data is correct.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.